Bind can not resolve.

Mark Andrews Mark_Andrews at isc.org
Thu Mar 29 02:35:39 UTC 2007


> In article <euf6oj$e9l$1 at sf1.isc.org>,
>  Mark Andrews <Mark_Andrews at isc.org> wrote:
> 
> > > In article <eud6c6$25r1$1 at sf1.isc.org>,
> > >  Mark Andrews <Mark_Andrews at isc.org> wrote:
> > > 
> > > > > bind9 seems to be unable to resolve if during resolution of an A record a
> > > > > CNAME is returned pointing to a parent domain without the corresponding A
> > > > > record.
> > > > > 
> > > > > Example: cname.bind9.expol.us
> > > > > 
> > > > > Trying CNAME first makes A resolution work, otherwise I get SERVFAIL.
> > > > 
> > > > 	It would help if the authoritative servers actually followed
> > > > 	RFC 1034.  The server should be including the A record in
> > > > 	the answer as it serves the parent zone.  It should also be
> > > > 	returning a referral to the parent zone (not the child zone)
> > > > 	if it returns the implicit referral.
> > > 
> > > While this would certainly make resolution faster, I can't see why 
> > > failing to follow the CNAME should cause the resolver to fail.  If the 
> > > authoritative server doesn't follow the CNAME automatically, the 
> > > resolver should do so, just as it must if the CNAME pointed to a zone 
> > > that's hosted on a different server from the CNAME itself.
> > 
> > 	By not following the algorithm through to conclusion they
> > 	generated a bad referral.
> 
> What referral?  It looks to me like it's the NS record of the zone 
> containing the record being returned.  It's normal behavior to include 
> this record in the authority section of a response.

	Not when you are *following* (QTYPE != CNAME or *) a CNAME.
	The authority section refers to the new QNAME.
 
> > 	"foo.expol.us" is not a (sub)domain of "bind9.expol.us".
> > 
> > 	Named rejects this.  Yes we are picky however we have been
> > 	burnt too many times by not being picky enough.
> 
> > 
> > 	Note the response below would be fine if the QTYPE was
> > 	CNAME or * as the CNAME is not supposed to be followed
> > 	in those cases.
> 
> What if the CNAME pointed to a totally unrelated zone that wasn't in the 
> authoritative server's cache?  Wouldn't you expect it to return an 
> answer just like the one below?

	If QTYPE is CNAME or *.  Yes.
	If QTYPE is not CNAME or *.  No.

> > 	Mark
> > 
> > ; <<>> DiG 9.3.3 <<>> cname.bind9.expol.us @NS1.expol.us +norec
> > ; (1 server found)
> > ;; global options:  printcmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34231
> > ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
> > 
> > ;; QUESTION SECTION:
> > ;cname.bind9.expol.us.		IN	A
> > 
> > ;; ANSWER SECTION:
> > cname.bind9.expol.us.	300	IN	CNAME	foo.expol.us.
> > 
> > ;; AUTHORITY SECTION:
> > bind9.expol.us.		7200	IN	NS	ns1.expol.us.
> > 
> > ;; ADDITIONAL SECTION:
> > ns1.expol.us.		7200	IN	A	66.125.246.106
> > 
> > ;; Query time: 180 msec
> > ;; SERVER: 66.125.246.106#53(66.125.246.106)
> > ;; WHEN: Thu Mar 29 11:47:21 2007
> > ;; MSG SIZE  rcvd: 90
> > 
> > > 
> > > -- 
> > > Barry Margolin, barmar at alum.mit.edu
> > > Arlington, MA
> > > *** PLEASE post questions in newsgroups, not directly to me ***
> > > *** PLEASE don't copy me on replies, I'll read them in the group ***
> > > 
> > >
> 
> -- 
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***
> *** PLEASE don't copy me on replies, I'll read them in the group ***

> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
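
The check discussed in this thread, written out as an added example (not code from named or from any poster): when QTYPE is not CNAME or ANY, the authority section must name a zone that contains the name the CNAME chain ends at. The dig text is constructed from the response quoted above; `parse_dig` and `check_referral` are hypothetical helper names.

```python
import re

# Constructed sample: the sections of the dig response quoted in the thread.
SAMPLE = """\
;; QUESTION SECTION:
;cname.bind9.expol.us. IN A

;; ANSWER SECTION:
cname.bind9.expol.us. 300 IN CNAME foo.expol.us.

;; AUTHORITY SECTION:
bind9.expol.us. 7200 IN NS ns1.expol.us.

;; Query time: 180 msec
"""

def parse_dig(text):
    """Return {section: [(owner, rtype, rdata)]} from dig presentation output."""
    sections, current = {}, None
    for line in text.splitlines():
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif line.startswith(";;"):
            current = None                      # trailer lines end the sections
        elif current is not None and line.strip():
            f = line.lstrip(";").split()
            if f[1].isdigit():                  # drop TTL (absent in QUESTION)
                del f[1]
            current.append((f[0].lower(), f[2], f[3].lower() if len(f) > 3 else ""))
    return sections

def is_subdomain(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)

def check_referral(text):
    """Return (final QNAME, NS owners in AUTHORITY that do not contain it)."""
    s = parse_dig(text)
    target, qtype, _ = s["QUESTION"][0]
    if qtype not in ("CNAME", "ANY"):           # the CNAME is followed
        cnames = {o: d for o, t, d in s.get("ANSWER", []) if t == "CNAME"}
        seen = set()
        while target in cnames and target not in seen:   # guard against loops
            seen.add(target)
            target = cnames[target]
    bad = [o for o, t, _ in s.get("AUTHORITY", [])
           if t == "NS" and not is_subdomain(target, o)]
    return target, bad

if __name__ == "__main__":
    print(check_referral(SAMPLE))
```
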


